Hi, Alex
Security roles themselves are part of the J2EE spec, as you're probably
aware. Users and groups, or any other means of designating a security
"principal", with a small "p", are not. So the server-dependent fun consists
of mapping users & groups to roles. This is where the user manager and role
manager stuff in the Orion API's come in.
If you want to ensure that specific web resources can only be accessed by
certain security roles, then this falls entirely under the J2EE spec, and
you use appropriate tags in the web.xml deployment descriptor
(security-constraint stuff).
Hope this helps.
Arved Sandstrom
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, September 05, 2000 1:31 PM
To: Orion-Interest
Subject: Security Roles
Could someone please explain to me how security roles work in orion.
How can I specify my Jsp pages in a particular web application to take
on a particular role ?
I believe you need to use the UserManager for this, but is there any
information available on the user Manager ??
I do have form authorization working, but the problem is that I have
modelled it on orions code, but do not have an understanding of how it
actually works..
If anyway can please enlighten me on security roles in orion it would
be very much appreciated.
Alex.
